DirectX: The New Hyper-V Attack Surface

Discover the shocking new attack surface in DirectX, including vulnerabilities in DSGK-VMB, vid-shi-signal-sync-object and DSG_KERNEL_Linux_KERNEL, and how they can be exploited using DxG kernel IOCTLs.

Key takeaways
  • The DSGK-VMB command is vulnerable to attacks due to the lack of proper initialization of variables in the cvn32k_logs structure.
  • The vid-shi-signal-sync-object function is vulnerable to non-pointer reference vulnerabilities, allowing an attacker to control the ISRs and access arbitrary memory locations.
  • The DSG_HOST_VIRTUAL_GPU_VMBOS_VMBOS_COMMAND_TABLE_VGPU2_HOST_TABLE table contains a large number of commands that can be used to exploit the vulnerability.
  • The DSG_KERNEL_Linux_KERNEL module is vulnerable to arbitrary address read vulnerabilities due to the lack of proper bounds checking.
  • The DxG kernel, through a set of IOCTLs, provides a way to interact with the DSG kernel and exploit the vulnerability.
  • The Hyper-V DirectX component architecture provides a new attack surface that can be exploited by an attacker.